From 00efecdce621cc5e6046599ee1294433030580ea Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emacchi@redhat.com>
Date: Thu, 11 Jan 2024 08:48:44 -0500
Subject: [PATCH] e2e: bastion tests

---
 hack/ci/cloud-init/controller.yaml.tpl |  2 +
 test/e2e/data/e2e_conf.yaml            |  1 +
 test/e2e/shared/defaults.go            |  1 +
 test/e2e/suites/e2e/e2e_test.go        | 84 ++++++++++++++++++++++++++
 4 files changed, 88 insertions(+)

diff --git a/hack/ci/cloud-init/controller.yaml.tpl b/hack/ci/cloud-init/controller.yaml.tpl
index 21fc3cf4aa..20eb78627f 100644
--- a/hack/ci/cloud-init/controller.yaml.tpl
+++ b/hack/ci/cloud-init/controller.yaml.tpl
@@ -177,6 +177,8 @@
     openstack flavor create --ram 4192 --disk 20 --ephemeral 5 --vcpus 2 --public --id 2 m1.small --property hw_rng:allowed='True'
     openstack flavor delete m1.medium
     openstack flavor create --ram 6144 --disk 20 --ephemeral 5 --vcpus 2 --public --id 3 m1.medium --property hw_rng:allowed='True'
+    # Create an additional flavor for the e2e tests that will be used by the e2e bastion tests
+    openstack flavor create --ram 512 --disk 1 --ephemeral 1 --vcpus 1 --public --id 10 m1.tiny.alt --property hw_rng:allowed='True'
 
     # Adjust the CPU quota
     openstack quota set --cores 32 demo
diff --git a/test/e2e/data/e2e_conf.yaml b/test/e2e/data/e2e_conf.yaml
index a7c885d303..5a39bf9c1e 100644
--- a/test/e2e/data/e2e_conf.yaml
+++ b/test/e2e/data/e2e_conf.yaml
@@ -190,6 +190,7 @@ variables:
   EXP_CLUSTER_RESOURCE_SET: "true"
   OPENSTACK_BASTION_IMAGE_NAME: "cirros-0.6.1-x86_64-disk"
   OPENSTACK_BASTION_MACHINE_FLAVOR: "m1.tiny"
+  OPENSTACK_BASTION_MACHINE_FLAVOR_ALT: "m1.tiny.alt"
   OPENSTACK_CLOUD: "capo-e2e"
   OPENSTACK_CLOUD_ADMIN: "capo-e2e-admin"
   OPENSTACK_CLOUD_CACERT_B64: "Cg=="
diff --git a/test/e2e/shared/defaults.go b/test/e2e/shared/defaults.go
index df6315f773..ab2079381f 100644
--- a/test/e2e/shared/defaults.go
+++ b/test/e2e/shared/defaults.go
@@ -35,6 +35,7 @@ const (
 	KubernetesVersion          = "KUBERNETES_VERSION"
 	CCMPath                    = "CCM"
 	CCMResources               = "CCM_RESOURCES"
+	OpenStackBastionFlavorAlt  = "OPENSTACK_BASTION_MACHINE_FLAVOR_ALT"
 	OpenStackCloudYAMLFile     = "OPENSTACK_CLOUD_YAML_FILE"
 	OpenStackCloud             = "OPENSTACK_CLOUD"
 	OpenStackCloudAdmin        = "OPENSTACK_CLOUD_ADMIN"
diff --git a/test/e2e/suites/e2e/e2e_test.go b/test/e2e/suites/e2e/e2e_test.go
index f4b92c9a42..cf9b67e221 100644
--- a/test/e2e/suites/e2e/e2e_test.go
+++ b/test/e2e/suites/e2e/e2e_test.go
@@ -162,6 +162,90 @@ var _ = Describe("e2e tests [PR-Blocking]", func() {
 			// We expect 4 security group rules that allow Calico traffic on the control plane
 			// from both the control plane and worker machines and vice versa, that makes 8 rules.
 			Expect(calicoSGRules).To(Equal(8))
+
+			shared.Logf("Check the bastion")
+			openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+			Expect(err).NotTo(HaveOccurred())
+			bastionSpec := openStackCluster.Spec.Bastion
+			bastionServerName := openStackCluster.Status.Bastion.Name
+			bastionServer, err := shared.DumpOpenStackServers(e2eCtx, servers.ListOpts{Name: bastionServerName})
+			Expect(err).NotTo(HaveOccurred())
+			Expect(bastionServer).To(HaveLen(1))
+
+			shared.Logf("Disable the bastion")
+			openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+			Expect(err).NotTo(HaveOccurred())
+			openStackClusterDisabledBastion := openStackCluster.DeepCopy()
+			openStackClusterDisabledBastion.Spec.Bastion.Enabled = false
+			Expect(e2eCtx.Environment.BootstrapClusterProxy.GetClient().Update(ctx, openStackClusterDisabledBastion)).To(Succeed())
+			Eventually(
+				func() (bool, error) {
+					bastionServer, err := shared.DumpOpenStackServers(e2eCtx, servers.ListOpts{Name: bastionServerName})
+					Expect(err).NotTo(HaveOccurred())
+					if len(bastionServer) == 0 {
+						return true, nil
+					}
+					return false, errors.New("bastion server still exists")
+				}, 2*time.Minute, 10*time.Second,
+			).Should(BeTrue())
+			Eventually(
+				func() (bool, error) {
+					openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+					Expect(err).NotTo(HaveOccurred())
+					if openStackCluster.Status.Bastion == nil {
+						return true, nil
+					}
+					return false, errors.New("bastion still exists in status")
+				}, 2*time.Minute, 10*time.Second,
+			).Should(BeTrue())
+
+			shared.Logf("Delete the bastion")
+			openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+			Expect(err).NotTo(HaveOccurred())
+			openStackClusterWithoutBastion := openStackCluster.DeepCopy()
+			openStackClusterWithoutBastion.Spec.Bastion = nil
+			Expect(e2eCtx.Environment.BootstrapClusterProxy.GetClient().Update(ctx, openStackClusterWithoutBastion)).To(Succeed())
+			openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+			Expect(err).NotTo(HaveOccurred())
+			Eventually(
+				func() (bool, error) {
+					openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+					Expect(err).NotTo(HaveOccurred())
+					if openStackCluster.Spec.Bastion == nil {
+						return true, nil
+					}
+					return false, errors.New("bastion still exists in spec")
+				}, 2*time.Minute, 10*time.Second,
+			).Should(BeTrue())
+
+			shared.Logf("Create the bastion with a new flavor")
+			openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+			Expect(err).NotTo(HaveOccurred())
+			openStackClusterWithNewBastionFlavor := openStackCluster.DeepCopy()
+			openStackClusterWithNewBastionFlavor.Spec.Bastion = bastionSpec
+			openStackClusterWithNewBastionFlavor.Spec.Bastion.Instance.Flavor = e2eCtx.E2EConfig.GetVariable(shared.OpenStackBastionFlavorAlt)
+			Expect(e2eCtx.Environment.BootstrapClusterProxy.GetClient().Update(ctx, openStackClusterWithNewBastionFlavor)).To(Succeed())
+			Eventually(
+				func() (bool, error) {
+					openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+					Expect(err).NotTo(HaveOccurred())
+					if openStackCluster.Status.Bastion == nil {
+						return false, errors.New("bastion does not exist in status")
+					}
+					bastionServerName := openStackCluster.Status.Bastion.Name
+					bastionServer, err := shared.DumpOpenStackServers(e2eCtx, servers.ListOpts{Name: bastionServerName, Flavor: e2eCtx.E2EConfig.GetVariable(shared.OpenStackBastionFlavorAlt)})
+					Expect(err).NotTo(HaveOccurred())
+					if len(bastionServer) == 1 {
+						return true, nil
+					}
+					return false, errors.New("new bastion server does not exist")
+				}, 2*time.Minute, 10*time.Second,
+			).Should(BeTrue())
+			openStackCluster, err = shared.ClusterForSpec(ctx, e2eCtx, namespace)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(openStackCluster.Spec.Bastion).To(Equal(openStackClusterWithNewBastionFlavor.Spec.Bastion))
+			Expect(openStackCluster.Status.Bastion).NotTo(BeNil())
+			Expect(openStackCluster.Status.Bastion.State).To(Equal("ACTIVE"))
 		})
 	})